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DETAILED ACTION 



This is in response to a letter for patent filed on January 5 , 2001 in which claims 1-36 are 
presented for examination. Claims 1-36 are pending in the letter. 

Claim Rejections - 35 USC § 102 

1 . The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(a) the invention was known or used by others in this country, or patented or described in a printed publication in this 
or a foreign country, before the invention thereof by the applicant for a patent. 

2. Claims 1-36 are rejected under 35 U.S.C. 102(a) as being anticipated by Rowney et al 
(U.S. Patent No. 5,996,076). 

3. As per claims 1,6, 11, 16, 27 and 32, Rowney et al teach a computerized method having 
a process flow operating over a computer network comprising a plurality of interconnected 
computers and a plurality of resources, each computer including a processor, memory and 
input/output devices, each resource operatively coupled to at least one of the computers and 
executing at least one of the activities in the process flow, the method comprising assembling an 
electronic authorization of a transaction, extracting verifiable role certificates from said 
electronic authorization; and verifying whether role certificates, associated with the 
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authorization, are themselves authentic {see fig 1C, 4, 12A, 12B, 15B, 16, 26, 30, 35, column 15 
lines 10-16 line 33, 1 7 lines 8-18 line 34). 

4. As per claims 2, 7, 12, 17, 28 and 33, Rowney et al teach a computerized method wherein 
roles associated with the role certificates are hashed and compared with hashed roles in a 
database of hashed roles {see fig 1C, 4, 12A, 12B, 15B, 16, 26, 30, 35, column 15 lines 10-16 line 
33, 17 lines 8-18 line 34). 

5. As per claims 3, 8, 13, 1 8, 29 and 34, Rowney et al teach a computerized method wherein 
the authorization is further insured by verifying that role certificates associated with the 
authorization correspond with roles in a permission set of roles of an authorization structure, the 
role certificates of which being required to authorize the transaction {see fig 1C, 4, 12 A, 12B, 
15B f 16, 26, 30, 35, column 15 lines 10-16 line 33, 17 lines 8-18 line 34). 

6. As per claims 4, 9, 14, 19, 30 and 35, Rowney et al teach a computerized method wherein 
the authorization structure is an authorization tree {see fig 1C, 4, 12 A, 12B, 15B, 16, 26, 30, 35, 
column 15 lines 10-16 line 33, 17 lines 8-18 line 34). 

1. As per claims 5, 10, 15, 20, 31 and 36, Rowney et al teach a computerized method 
wherein the roles are extracted from the role certificates associated with the transaction, each 
extracted role being hashed and these hashed roles being concatenated and hashed again, and 
then concatenated with hashes of other permission sets, if any, according to the authorization 
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structure and hashed once again, resulting in a computed hash value which may be compared to 
that which was signed by the Transaction Administrator, a match indicating that the transaction 
is authorized (see fig 1C, 4, 12A, 12B, 15B, 16, 26, 30, 35, column 15 lines 10-16 line 33, 17 
lines 8-18 line 34). 



8. As per claims 21 and 24, Rowney et al teach a Transaction Authorization Method 
encoded on a computer readable medium, the method having the following steps receiving a 
request for a transaction, obtaining an electronic representation of a document having details of 
the transaction from a Digital Document Database obtaining the role certificate signed with a 
signature by a Transaction Administrator from a Role Certificate Database and verifying the 
signature, returning the transaction details to the requester awaiting and receiving from the 
requester the completed representation, signed by the requester requesting the Authorization 
Structure for the transaction from the Authorization Structure Database, the Authorization 
Structure being pre-signed with a signature by the Transaction Administrator and verifying the 
signature, and choosing a permission set of role names and user members of the permission set to 
contact to sign in these role names forwarding details of the transaction request with the 
signature of the requester to others having roles corresponding to the chosen permission set and 
collecting signatures of each role indicated in the permission set, requesting role certificates from 
the Role Certificate Database and signatures for each member of the permission set and encoding 
the same on the document; and forwarding the completed electronic document including the 
signatures and role certificates to the requester, the document including authorization details 
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required in order to confirm the validity of the transaction (see fig 1C, 4, 12 A, 12B, 15B, 16, 26, 
30, 35, column 15 lines 10-16 line 33, 17 lines 8-18 line 34). 

9. As per claims 22 and 25, Rowney et al teach a Transaction Authorization Method 
wherein the role certificates and the Authorization Structure consist of hashed information about 
permission sets and roles, such hashed information substituting for the unhashed role certificates 
and permission sets (see fig 1C, 4, 12A, 12B, 15B, 16, 26, 30, 35, column 15 lines 10-16 line 33, 
17 lines 8-18 line 34). 

10. As per claims 23 and 26, Rowney et al teach a Transaction Verification Method encoded 
on a computer readable medium, the method having the following steps receiving an electronic 
document representing a transaction, associated transaction details being signed by a Transaction 
Authority, a collection of role certificates certifying named roles signed by a Role Authority, the 
transaction details signed by each of the signing keys corresponding to the verification keys in 
the role certificates, and the Authorization Structure, using a verification key of the Role 
Authority to check each certificate on the document, in the following manner, checking the 
signatures on the transaction details using the verification keys in the supplied role certificates 
extracting the named roles from the role certificates hashing the roles using a hash-of-hashes 
process, checking the computed hash value of the transaction against that was originally signed 
by the Transaction Authority to ensure that it is equal to the value for the transaction received in 
the Authorization Structure, using the output of the hash-of-hashes process as input to check the 
signature on the hash-of-hashes process; if the produced hash-of-hashes string matches the 
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hashed string signed by the Transaction Authority, then assuming that the request is authorized; 
and reporting the result {see fig 1C, 4, 12A, 12B, 15B, 16, 26, 30, 35, column 15 lines 10-16 line 
33, 17 lines 8-18 line 34), 



1 1 . The prior art made of record and not relied upon is considered pertinent to applicants 
disclosure, (see form 892), 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Firmin Backer whose telephone number is (703) 305-0624. The 
examiner can normally be reached on Mon-Thu 8:30-6:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, James Trammell can be reached on (703) 305-9768. The fax phone numbers for the 
organization where this application or proceeding is assigned are (703) 305-7687 for regular 
communications and (703) 305-7687 for After Final communications. 

Any inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the receptionist whose telephone numbersis (703) 308-11 13. 
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